KAV and POP3 proxy - sporadic need to disable plug-in

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff


Postby markt » Apr 01 04 9:51 pm

KAV is scanning POP3 proxy traffic (internal, non-WinGate mail server) - most weeks (twice in two days this week) mail stops coming in. I have to disable the KAV plugin for the POP3 proxy and emails come through - not ideal by any means, fortunately the mail server also has AV protection so I am not totally exposed - any ideas or others having same problem?

Wingate 5.2.3 on Win2k pro, latest KAV plugin and signatures.

Mark.
markt
 
Posts: 56
Joined: Oct 08 03 3:34 am

Postby Pascal » Apr 01 04 11:22 pm

If you stop and start the service, does it start working again?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby markt » Apr 01 04 11:56 pm

I haven't tried to stop the Pop3 proxy service, I just assumed
it was linked to KAV as it only started happening since we migrated
from Visnetic.

Do you think a restart 'should' clear it - I obviously don't
want to have to keep doing this.

Mark.
markt
 
Posts: 56
Joined: Oct 08 03 3:34 am

Postby Pascal » Apr 02 04 12:28 am

Not too sure, it's not a problem we've encountered before (AFAIK) so I was thinking it might be proxy related.

Did you migrate your WG version at the same time, or only Visnetic to KAV?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby markt » Apr 02 04 1:20 am

The same day we took WG from 5.2.2 to 5.3, removed
Visnetic, installed KAV and re-licensed Puresight.
(Puresight is not active for Pop3, not enough faith in it.)
markt
 
Posts: 56
Joined: Oct 08 03 3:34 am

Postby mcbamba » Jun 07 04 9:44 pm

I have a similar problem. We are currently using the demo version. Setup shows that expiry is about 2 days from now. Today, KAV blocked several e-mails with the message "Unexpected Failure Scanning ()". What could be the reason for this?

We are planning to purchase the license but my boss is quite disappointed because most of the blocked messages are important ones.
mcbamba
 
Posts: 2
Joined: Jun 07 04 9:35 pm

Postby markt » Jun 30 04 12:48 am

Pascal,

I have tried restarting the service several times to overcome these
problems with the message blocking. The only way I can let email
come through (pop3 proxy to internal server) is to disable
the KAV plugin. Fortunately we have secondary AV on the mail
server which has been catching the infected mail, usually
netsky.

I can see no pattern to these occurrences, but they happen
every week. ANY help is appreciated now.

Mark.
markt
 
Posts: 56
Joined: Oct 08 03 3:34 am

Postby adrien » Jun 30 04 1:10 am

Hi Mark

what email client are you using to download the mail?

Some clients have problems with the way WinGate intercepts the POP3 protocol connection and scans files going through. Basically the POP3 protocol is not designed to have that done to it! So any solution is a compromise.

Another option is to have something download the mail separately, then scan it and deliver it afterwards. WinGate 6.0 for instance will do this, allowing you to download the mail, sort it, scan it and deliver it to wherever you like.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby markt » Jun 30 04 1:36 am

Hi Adrien,

We use Vpop3 (www.pscs.co.uk) as our internal email server,
this is obviously pulling the POP3 traffic through Wingate.
It is very intermittent and as I say with no pattern.

The only other possible scenario is the sequence of events
that occurs during the download - basically wingate brings
down a bit, scans it, passes it on, vpop triggers its scanning
on what it has received...

I may try disabling the mail server AV scanning during the
next 'blockage'.

Mark
markt
 
Posts: 56
Joined: Oct 08 03 3:34 am

Postby adrien » Jun 30 04 1:55 am

WinGate POP3 scanning (depending on version) uses a sort of keepalive mechanism to stop the POP3 client timing out whilst it downloads and scans the entire message.

During this time, WinGate 5.2.3 will send X-Scanning: 20sec etc messages, every 20 seconds. Earlier versions sent multiple spaces on the end of the +ok command that acknowledges the request to download the mail.

What this means is that if vpop3 only handles a certain size of message headers, or has some other limitation, it could choke if it gets too many of these headers. This would then be a random timing related issue, dependent on how long it took to download a particular message.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland
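
The keepalive behaviour described in the post above, modelled as an added example (not part of the thread, and not WinGate or VPOP3 code). Only the `X-Scanning: 20sec` header form and the 20-second interval come from the post; the `+OK` text, the sample message and the client's header-line limit are constructed assumptions.

```python
KEEPALIVE_INTERVAL = 20  # seconds between X-Scanning headers, per the post

def proxied_retr_response(message: bytes, scan_seconds: int) -> bytes:
    """What the POP3 client receives for RETR when the proxy holds the
    message for scan_seconds and emits one keepalive header per interval."""
    lines = [b"+OK message follows"]  # assumed status text
    for elapsed in range(KEEPALIVE_INTERVAL, scan_seconds + 1, KEEPALIVE_INTERVAL):
        lines.append(b"X-Scanning: %dsec" % elapsed)
    return b"\r\n".join(lines) + b"\r\n" + message + b"\r\n.\r\n"

def split_response(response: bytes):
    """Return (status_line, header_lines, body) of a RETR response."""
    status, _, rest = response.partition(b"\r\n")
    head, _, body = rest.partition(b"\r\n\r\n")
    return status, head.split(b"\r\n"), body

def injected_overhead(response: bytes):
    """Number of keepalive headers and the bytes they add to the header block."""
    _, headers, _ = split_response(response)
    injected = [h for h in headers if h.lower().startswith(b"x-scanning:")]
    return len(injected), sum(len(h) + 2 for h in injected)

def client_accepts(response: bytes, max_header_lines: int) -> bool:
    """Hypothetical client that rejects a message with too many header lines."""
    _, headers, _ = split_response(response)
    return len(headers) <= max_header_lines

def max_tolerated_scan_seconds(own_header_lines: int, max_header_lines: int):
    """Longest hold time before the injected headers push such a client
    over its limit; None if the message alone already exceeds it."""
    spare = max_header_lines - own_header_lines
    if spare < 0:
        return None
    return (spare + 1) * KEEPALIVE_INTERVAL - 1

# Constructed sample message: three headers, a few bytes of body.
SAMPLE = (b"From: a@example.test\r\nTo: b@example.test\r\n"
          b"Subject: hi\r\n\r\nbody text")

if __name__ == "__main__":
    for secs in (0, 59, 60, 65):
        resp = proxied_retr_response(SAMPLE, secs)
        print(secs, injected_overhead(resp), client_accepts(resp, 5))
```

In this model the number of injected headers depends only on how long the proxy holds the message, which is the timing dependence the post describes.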

Postby markt » Jun 30 04 2:31 am

Thanks for the explanation.

The majority of the emails that it would appear
are in the process of being downloaded at the time
of the hang are only a couple of kb in size.
We are not talking large attachments here, would
your explanation still stand?

Mark.
markt
 
Posts: 56
Joined: Oct 08 03 3:34 am

